Forensics Investigation with Autopsy.md - Juan-bit94/Ops401D10 GitHub Wiki

Forensics Investigation with Autopsy

Why does this topic matter?

  • This topic matters because computer forensics and cybersecurity are essential for protecting sensitive information.
  • Together they help an organization mitigate cyber attacks, stay in compliance, and maintain business continuity.

What are the main differences between computer forensics and cybersecurity?

  • When it comes to identifying the differences between computer forensics and cybersecurity, it becomes apparent that they are two different domains.
  • Cybersecurity is focused on preventing and mitigating incidents on the network. This is done by implementing security protocols, frameworks, and policies across an organization and its network infrastructure.
  • Computer forensics is more concerned with extracting files, data, and other information from various containers. These containers can be digital devices, platforms, and networks. Forensics supports cybersecurity as part of incident response, where forensic skills are used to gather evidence to piece together what happened and, if possible, to prosecute the bad actors.

What are the six stages of a computer forensics examination?

  • Here are the six stages of a computer forensics examination:
  1. Identification: Determine the scope of the investigation.
  2. Preservation: Securely acquire and preserve digital evidence to prevent tampering or alteration.
  3. Collection: Gather relevant digital evidence from various sources.
  4. Analysis: Examine the collected evidence to identify artifacts, patterns, and other information relevant to the investigation.
  5. Documentation: Document the findings, analysis processes, and methods used during the investigation.
  6. Presentation: Present the findings and conclusions of the forensic examination in a clear and understandable manner.

Things I want to know more about.

  • I would like to know more about the legal and ethical considerations associated with digital forensics. If it's similar to what law enforcement does during a crime investigation, then it would be good to know things about chain of custody requirements and rules of evidence.